Citrix Analytics for Security

Manage administrator roles for Security Analytics

Note:

Since July 2023, Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID. In this document, any reference to Azure Active Directory, Azure AD, or AAD now refers to Microsoft Entra ID.

As a Citrix Cloud administrator with full access permissions, you can invite other administrators to manage the Security Analytics offering and assign them one of the following custom roles:

  • Security Analytics- Full Administrator

  • Security Analytics- Read Only Administrator

You can add new administrators in two ways - individually as users or using Azure Active Directory groups. For more information on adding new administrators, see Manage Administrator Roles.

Note If a user is granted access directly as a user and through an Azure Active Directory Group, the access granted individually to the user takes effect.

Permissions for the custom roles

The administrators with the Security Analytics- Full Administrator role can access all the features and functionalities of the Security Analytics offering. They can use and modify the features according to their organizational requirements. For example, a full administrator can create custom risk indicators, enable geofence, and create policies.

The administrators with the Security Analytics- Read Only Administrator role can only access and view the Security dashboards- Users, User Access, App Access, Access Assurance, and Reports. They can monitor user behavior and view the user events on these dashboards. However, they are not allowed to perform any critical tasks such as:

  • Turn on or off data processing for the data sources

  • Create or remove policies and actions

  • Apply actions manually on the risk indicators shown on the user risk timeline

  • Create, modify, or delete custom risk indicators

  • Create custom reports

  • Add, modify, or delete another admin user

  • Add or modify geo-fence for access assurance location

Security alert notifications for the administrators

Like the Citrix Cloud administrators with full access permissions, the administrators with the custom roles (Full access and Read-only access) receive email notifications from Security Analytics.

The administrators receive two types of email notifications:

  • Weekly notification about the security insights in their organization. For more information, see Weekly email notification.

  • Notifications based on the Notify administrators action. For more information, see Policies and actions.

If you are a Citrix Cloud administrator with full or custom access permission, the email notifications are disabled by default in your Citrix Cloud account. To receive email notifications from any Citrix Cloud services such as Citrix Analytics, enable the notification option in your Citrix Cloud. For more information, see Received email notifications. Notification preferences are not available for administrators who are added through Active Directory/Azure AD Groups.

The notification preference is leveraged while sending notifications such as weekly emails, Notify Administrators action emails, and alerts for data exports. For the email notifications, if you wish to stop receiving emails, an administrator with Full access to Security Analytics must remove you from the distribution list. For more information about the distribution list, see Email distribution list.

Note

Citrix Cloud Administrators (with full or custom access permission) do not receive any notifications from other Citrix Cloud services that leverage Notification Preferences.

Notification settings

For more information, see Manage administrators for Citrix Analytics.

Manage administrator roles for Security Analytics